🤖 AI Summary
Existing covert communication techniques suffer from poor practicality, weak protocol adaptability, and vulnerability to detection. To address these issues, this paper proposes a decentralized, modular covert communication framework. The framework embeds covert data into protocol redundancy fields, integrating traffic camouflage, packet fragmentation, and cross-layer distributed scheduling—enabling multi-protocol adaptive steganography without generating additional packets. Its plug-and-play architecture supports runtime dynamic composition of steganographic channels, significantly enhancing detection resistance. Experimental evaluation on a real-world ten-node network achieves a covert throughput of 1.6 MB/s, demonstrating strong robustness and effective evasion of mainstream intrusion detection/prevention systems (IDS/IPS) and deep packet inspection (DPI) mechanisms.
📝 Abstract
Network steganography and covert communication channels have been studied extensively in the past. However, prior work offers minimal practical use for its proposed techniques and is limited to specific use cases and network protocols. In this paper, we show that covert channels in networking have a much greater potential for practical secret communication than what has been discussed before. We present a covert channel framework, CYPRESS, that creates a reliable hidden communication channel by mounting packets from secret network entities on regular packets that flow through the network, effectively transmitting a separate stream of network traffic without generating new packets for it. CYPRESS establishes a consolidated, decentralized framework in which covert channels for various protocols are each defined by custom handler code that is plugged into the system and updated on demand to evade detection. CYPRESS then chooses at run time how and in what order the covert channels should be used for fragmentation and hidden transmission of data. We can reach up to 1.6 MB/s of secret bandwidth in a network of ten users connected to the Internet. We demonstrate the robustness and reliability of our approach in secret communication through various security-sensitive real-world experiments. Our evaluations show that network protocols provide a notable opportunity for unconventional storage and hidden transmission of data to bypass different types of security measures and to hide the source of various cyber attacks.